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Abstract — Voice  over  Internet  Protocol  (VoIP  is  an 
emerging  technology  that  promises  economic  and 
performance  advantages  by  reducing  hardware  and 
enabling  object  oriented  voice  applications.  Technology 
and  products  alone  will  not  automatically  bring  these 
advantages  to  the  military.  A  system  architecture 
approach  is  needed.  Our  approach  translates  user  driven 
requirements  into  products  that  are  secure,  interoperable, 
and  easy  to  use.  Using  the  DoD’s  C4ISR  Architecture 
Framework,  Version  2.0,  we  define  operational,  system, 
and  technical  views  for  secure  Network  voice.  From 
these  views,  we  explore  some  enabling  technologies  and 
applications  to  make  Network  voice  an  Information 
Appliance  for  Joint  Vision  2010. 

Introduction 

DVANCES  in  high  speed  networks,  processing, 
capability  and  Internet  telephony  are  fueling  a  drive  to 
bring  Network  voice  to  the  warfighter.  The  military  needs  an 
architecture  to  structure  Network  voice  solutions  so  they  fuse 
voice  and  data  over  DoD  backbone  networks,  provide  access 
to  legacy  and  emerging  voice  services,  and  position  the 
military  to  take  advantage  of  advanced  knowledge -based 
voice  applications. 

Since  1995,  researchers  at  the  Naval  Research  Laboratory 
have  been  experimenting  with  Network  voice  using  a  tool 
called  Interactive  VOice  eXchange  (IVOX)[l][2].  Through 
this  prototyping  effort,  we  have  learned  about  problem  areas 
in  Network  voice.  These  lessons  drive  home  the  need  for  a 
system  architecture. 


C4ISR  ARCHITECTURE  FRAMEWORK  FOR  SECURE  NETWORK 
VOICE 

Operational,  system,  and  technical  views  provide  a 
uniform  way  of  describing  information  systems  [3][4].  Fig.  1 
shows  our  high  level  operational  concept.  In  this  figure. 
Network  voice  extends  from  ships  at  sea  to  expeditionary 
forces  ashore  to  airborne  aircraft  to  Command  centers  to 
peacekeeping  and  disaster  relief  forces. 

Network  voice  glues  legacy  systems  together  and  provides 
new  ways  of  linking  voice  circuits  with  combat  direction 
activities. 


Fig.  1 .  High  level  operational  concept  graphic  for  secure  Network  voice. 
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Fig.  2  shows  how  enabling  technologies  couple  desired 
voice  services — both  past  and  future — to  our  target 
architecture. 

Legacy  voice  services  include  Plain  Old  Telephone  Service 
(POTS),  the  Defense  Red  Switched  Network  (DSRN),  and 
secure  tactical  voice  nets  like  those  found  in  the  U.S.  Navy’s 
Single  Audio  System  (SAS). 

Fortunately,  today’ s  computer  telephony  marketplace 
provides  the  building  blocks  for  creating  Interworking 
Function  (IWF)  gateways.  These  gateways  let  Network  voice 
users  talk  with  their  legacy  equipped  counterparts. 

Our  team  is  developing  a  prototype  gateway  based  on 
IVOX  for  the  Extended  Littoral  Battlespace  (ELB)  Advanced 
Concept  Technology  Demonstration  (ACTD).  Users  will  be 
able  to  make  telephone  calls  and  talk  on  tactical  radio  voice 
nets  using  the  ELB  gateway  [5]. 

Interoperability  with  emerging  secure  voice  services 
including  Iridium™  and  GlobalStar™  satellite-based 
handsets  and  Integrated  Services  Digital  Network  (ISDN)- 
based  Secure  Terminal  Equipment  (STE)  phones  will  be 
accomplished  using  the  National  Security  Agency’s  Future 


Fig.  2.  How  enabling  technologies  couple  desired  applications  to  the  target 
architecture. 


Narrowband  Digital  Terminal  (FNBDT)  signaling  protocol 

[6]. 

The  FNBDT,  pronounced  “Fend-Bit,”  protocol  provides  a 
Network-independent  overlay  for  interoperation  between 
secure  voice  systems. 

However,  FNBDT  is  more  than  an  overlay,  it’s  a 
“prescription  for  interoperability.”  The  FNBDT  signaling 
plan  is  structured  to  provide  the  core  functions  needed  to 
setup  a  secure  call,  exchange  capabilities,  negotiate  session 
parameters,  change  modes  during  a  call,  and  terminate  a  call. 

The  architects  of  the  FNBDT  signaling  plan  standardized 
core  functions  for  all  FNBDT  capable  equipment.  They  left 
room  for  specialized  capabilities  and  emerging  services  to  be 
added  as  appendices  to  the  signaling  plan. 

The  security  aspects  of  the  proposed  architecture  are  being 
built  around  this  concept  and  we  are  working  on  FNBDT 
appendices  for  Network  voice  and  MPEG  4  applications  to  be 
used  with  the  overlay. 

Although  FNBDT  provides  a  solid  foundation  for  building 
security  into  a  Network  voice  architecture,  there  is  more  to 
security  than  an  interoperable  signaling  protocol. 

Building  security  into  a  secure  network  voice 

ARCHITECTURE 

Several  hard-learned  lessons  regarding  security  and 
cryptographic  communications  demand  attention  when 
considering  alternative  approaches  for  a  secure  Network 
voice  architecture.  First  among  these  is  that  “security  is  only 
as  good  as  the  weakest  link  in  the  chain.”  This  means  that  no 
matter  how  robust  the  architecture,  system  implementations 
will  always  be  at  risk  for  security  flaws.  Good  system  design 
is  the  surest  way  to  avoid  security  flaws  and  achieve  a  usable 
product  [7]. 

Accurate  threat  models  play  a  key  role  in  understanding 
the  real  risks  a  system  faces  and  the  corresponding  security 
measures  needed  to  protect  it. 


Defining  threat  models  for  the  far-reaching  concept  shown 
in  Fig.  1  is  problematic.  First,  the  geographic  range  for 
Network  voice  applications  extends  from  calls  confined 
inside  a  ship  to  calls  with  forward  forces  operating  in  hostile 
territory.  Second,  the  timeline  for  Network  voice  appears  to 
be  open-ended  and  security  measures  defined  today  will  be 
subject  to  attacks  by  adversaries  using  tomorrow’s 
technology. 


One  approach  we  considered  is  to  tailor  the  security 
protections  to  the  Defense  in  Depth  framework  shown  in 
Fig. 3.  Defense  in  Depth  forces  adversaries  to  compromise 
several  protections  to  reach  systems  or  information.  With  this 
approach  the  strength  of  protection  measures  for  Network 
voice  applications  can  be  decreased  and  simplified  for  calls 
within  a  protected  enclave  (zones  1,  2,  &  3).  However,  voice 
applications  need  to  be  “path  aware”  to  insure  calls  are 


adequately  protected.  So  the  simplicity  gained  by  simplified 
protection  measures  could  be  offset  by  the  complexity  of  path 
awareness.  Defense  in  Depth  is  constantly  evolving  as  new 
threats  emerge  and  security  technologies  improve.  Network 
voice  applications  that  depend  on  these  security  features  may 
not  work  when  they  change.  The  Defense  in  Depth  approach 
lacks  the  flexibility  of  true  end-to-end  protection  measures. 

Our  favored  approach  is  to  decouple  the  security 
architecture  from  the  Defense  in  Depth  framework  and  strive 
for  a  “heterogeneous”  security  approach  that  focuses  on  end- 
to-end  encryption  independent  of  the  underlying  Network. 
Network  voice  security  becomes  yet  another  layer  within  the 
Defense  in  Depth  framework.  With  this  approach  the 
strength  of  protection  measures  for  Network  voice 
applications  is  independent  of  the  path  that  calls  take  within 
the  Network.  The  price  for  this  independence  is  having  to 
deal  with  key  management  and  encryption  for  all  secure  calls 
even  when  they  are  confined  within  a  protected  enclave. 

Security  and  interoperability  of  Network  Voice  with  legacy 
and  emerging  voice  services  are  important  issues,  but  it’s  the 
future  of  Network  voice  that  offers  a  never-before-seen  shift 
in  services  available  to  users  [8]. 

Advanced  applications  based  on  mpeg-4  and  mpeg-7 

Imagine  following  a  tactical  operation  on  a  computer 
display  in  a  Command  center.  You  move  the  display  cursor 
over  to  a  track  representing  one  of  your  aircraft  and  "hook” 
the  contact  by  clicking  on  it.  Instantly,  a  tactical  radio 
window  appears  on  your  display  and  you  hear  voice  from  an 
associated  radio  net  through  your  headphones. 

Associating  Network  voice  streams  with  objects  in 
advanced  combat  decision  systems  is  a  new  capability  and  it 
suggests  possibilities  for  easing  operator  workload  and 
increasing  “Speed  of  Command.” 

The  Motion  Picture  Experts  Group  (MPEG)  provides  a 
family  of  open  standards  for  multimedia  including  MPEG-4 
and  MPEG-7.  These  standards  will  enable  advanced 


applications  through  their  object  orientation,  multi-rate 
scaling,  and  interactive  features  [9]. 

Table  1  outlines  some  advantages  of  MPEG-4  that  apply  to 
Network  voice.  These  capabilities  offer  opportunities  for 
crafting  solutions  that  push  the  evolution  of  voice  data  into 
knowledge. 

Table  1.  Advantages  of  MPEG-4 

•  Based  on  Open  Standards 

•  Provides  hooks  to  proprietary  management  & 

protection — you  can  build  military  grade 
encryption  into  it 

•  Supports  advanced  “interactive”  audio  visual 

applications 

•  Tools  include  uniform  and  high  quality  audio 

&  video  encoding 

•  Scalable  content  (multi-rate)  encoding  and 

low  bit-rate  streams  for  mobile  &  wireless 

•  Includes  MPEG-2  AAC  for  multichannel 

surround  sound 

•  Can  be  coupled  with  a  “synthetic  face”  for  a 

computer  generated  decision  aid 

•  MPEG-J  (Dec  99)  Subset  of  JAVA  for 

building  platform  independent  information 
appliances _ 


Future  work 

We  plan  to  continue  refining  the  target  architecture  as  we 

learn  new  lessons  from  the  ELB  gateway  project  and 

establish  the  next  generation  operational  requirements 
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